The Cyber Readiness Institute (CRI) has launched the Cyber Readiness Program to provide small and medium-sized businesses (SMBs) with tools and resources to address formative cybersecurity issues.
The idea rests on company buy-in: embedding cybersecurity policies and processes indelibly into a company’s culture. Cybersecurity pros have long contended, supported by repeated studies, that companies can best repel cyber attacks by investing in educating, training and increasing the awareness of their employees. For starters, CRI has decided that the program will home in on authentication, phishing, patching and USB use.
SMBs are a prime target of cyber criminals. In 2017, for example, a Ponemon Institute study found that 54 percent of SMBs said they had a data breach involving sensitive information about customers, target customers or employees. The same percentage of SMBs pointed to negligent employees as the root cause of a data breach.
As for the program, it’s offered online in a self-guided format and costs SMBs nothing. It was developed with input from security and subject matter experts, along with feedback from a pilot program of SMBs. SMBs get resources and tools, such as policies, posters, and workforce education materials, that map to a five-stage process. Companies are prompted to designate a Cyber Leader from within their organization to lead the program.
“Since cyber threats treat everyone the same, there are some foundational steps we can take to strengthen all the links in today’s supply chain,” said Ajay Banga, president and CEO of Mastercard, who co-chairs CRI. “That starts with best practices and proven tools for smaller business owners who do not have the same resources to invest in these efforts. That’s where CRI comes in.”
Some 19 SMB organizations worldwide, including Hartman Advisors, PSP Partners, International Business Associates Group for Money Transfer, Nexion Health, Hartford County Public Library, HiViz and RH Capital, were part of a test run of the program, CRI officials said. Ryan Rickels, the IT director at Hartford Library, one of the outfits participating in the pilot program, characterized the offering as suitable for companies new to cybersecurity as well as those already involved. “For organizations just wading into cybersecurity, the policy templates and training resources significantly cut down on the learning curve, enabling them to build a competent security program using tools they probably already own,” he said. For those already practicing cybersecurity, the tools help them review and formalize policies and procedures, he said.
The organizations CRI is currently working with include CTIA, CyberUSA, Global Automakers, Global Cyber Alliance, The Data Security Council of India, the National Center for Manufacturing Sciences, The Security Network Munich, Cyber Wyoming, Gener8tor, Ethisphere, the Center for Responsible Enterprise And Trade, and the Cybersecurity Collaborative, among others. Organizations can sign on to the program by becoming a Cyber Readiness Champion to raise awareness within their networks through website, social media, and email promotion.
“By accessing the resources and experiences of these global companies, whose success depends on their value chains, we have created a program to help small and medium-sized businesses in these value chains become more cyber ready, cyber secure, and resilient,” said Kiersten Todt, managing director of CRI and former executive director of the Presidential Commission on Enhancing National Cybersecurity.
CRI was launched in July 2017 by senior industry executives who served on the Commission on Enhancing National Cybersecurity, an independent, bipartisan Commission tasked in 2016 with developing recommendations to secure the digital economy and to provide a roadmap for the incoming Administration.